So I have a number of folders (in a CMF site, but that shouldn't matter) with various permissions. If I want certain roles to access the folder, I give it 'View' and 'Access contents information' permissions, and the reverse otherwise. In Zope 2.3.3, I could do a dtml-in on "objectValues(['Folder'])" with skip_unauthorized and it would work passably well. It might not get the sequence variables right, but at least things got shown when they should have been and not otherwise. Now I'm trying it on Zope 2.4, and no such luck. I know that there was some rewriting of the dtml-in rendering between these releases (probably the restricted execution arctitecture), but whatever happened, it doesn't work like it used to. Now I get a KeyError on the first attribute of the first unauthorized thing that comes up in the list. This is a result of trying to do this operation on a "Access contents info" restricted object. It's not skipping unauthorized. So I decided that I'd go and use ZopeFind, but since the folders might have local roles, it doesn't really work easily. I've been trying to figure out how to find out whether an object is allowed in a PythonScript so I can do it myself, but no luck so far. So either: 1) what's wrong with dtml-in in 2.4.0, and how can I fix it? or 2) how do I get this behaviour otherwise? --jcc (blast!)